US20040268127A1 - Method and systems for securely exchanging data in an electronic transaction - Google Patents

Method and systems for securely exchanging data in an electronic transaction Download PDF

Info

Publication number
US20040268127A1
US20040268127A1 US10/870,511 US87051104A US2004268127A1 US 20040268127 A1 US20040268127 A1 US 20040268127A1 US 87051104 A US87051104 A US 87051104A US 2004268127 A1 US2004268127 A1 US 2004268127A1
Authority
US
United States
Prior art keywords
public key
communication interface
transaction
encrypted
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/870,511
Inventor
Jagdeep Sahota
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to US10/870,511 priority Critical patent/US20040268127A1/en
Assigned to VISA INTERNATIONAL SERVICE ASSOCIATION reassignment VISA INTERNATIONAL SERVICE ASSOCIATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SAHOTA, JAGDEEP SINGH
Publication of US20040268127A1 publication Critical patent/US20040268127A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates to methods of encrypting and securely exchanging data between electronic devices. More specifically, the present invention relates to methods of encrypting and securely exchanging data over a communication interface to complete a transaction or other exchange of electronically stored information.
  • Sensitive information such as financial account information, payment information, passwords and other similar data may be exchanged in either commercial or consumer transactions.
  • the need to securely exchange data is not limited to financial and commercial transactions.
  • the electronic storage and exchange of data comprising confidential patient information has become prevalent.
  • the U.S. Health Insurance Portability and Accountability Act of 1996 requires the adoption and implementation of procedures to securely store and exchange all patient information which is in an electronic format.
  • RSA encryption is a public-key cryptosystem for both encryption and authentication that was first devised in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
  • Triple-DES is a private-key encryption method, which is based on an earlier private-key encryption method known as DES.
  • Triple-DES encryption the input data is, in effect, encrypted three times using the DES method.
  • This mode of encryption is sometimes referred to as DES-EDE.
  • Another variant is DES-EEE, which consists of three consecutive encryptions.
  • the third option makes triple-DES backward compatible with DES.
  • a method of ensuring secure data exchange includes initiating a transaction from a user device, transmitting, via a communication interface, one or more public key certificates from the user device to a point of transaction terminal, performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block at the point of transaction terminal, transmitting, via the communication interface, the encrypted data block from the point of transaction terminal to the user device, performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key on the user device, performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data on the user device, transmitting, via the communication interface, the encrypted transaction data from the user device to the point of transaction terminal, and performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data at the point of transaction terminal.
  • the user device may include a storage medium for storing the one or more public key certificates and the device private key, and a processing module for performing encryption and decryption algorithms.
  • the one or more public key certificates may include a service provider public key certificate and a device public key certificate.
  • performing one or more encryption algorithms includes performing an encryption algorithm using a service provider public key certificate and a service provider certificate authority public key to produce a service provider public key, performing an encryption algorithm using a device public key certificate and the service provider public key to produce a device public key, generating a session key, and performing an encryption algorithm using the session key and the device public key to produce an encrypted data block.
  • a user device for ensuring secure data exchange includes a processor, a communication interface operably connected to the processor, and a computer-readable storage medium operably connected to the processor.
  • the computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange including transmitting, via the communication interface, one or more public key certificates, receiving, via the communication interface, an encrypted data block, performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key, performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data, and transmitting, via the communication interface, the encrypted transaction data.
  • the one or more public key certificates may include a service provider public key certificate and a device public key certificate.
  • a point of transaction terminal for ensuring secure data exchange includes a processor, a communication interface operably connected to the processor, and a computer-readable storage medium operably connected to the processor.
  • the computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange including receiving, via the communication interface, one or more public key certificates, performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block, transmitting, via the communication interface, the encrypted data block, receiving, via the communication interface, encrypted transaction data from, and performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data.
  • the one or more public key certificates may include a service provider public key certificate and a device public key certificate.
  • performing one or more encryption algorithms includes performing an encryption algorithm using the service provider public key certificate and a service provider certificate authority public key to produce a service provider public key at the point of transaction terminal, performing an encryption algorithm using the device public key certificate and the service provider public key to produce a device public key at the point of transaction terminal, generating a session key at the point of transaction terminal, and performing an encryption algorithm using the session key and the device public key to produce an encrypted data block at the point of transaction terminal.
  • FIG. 1 is a depiction of an exemplary embodiment for generating a service provider public key.
  • FIG. 2 is a depiction of an exemplary embodiment for generating the device public key.
  • FIG. 3 is a depiction of an exemplary embodiment of encrypting a session key to generate an encrypted data block.
  • FIG. 4 is a depiction of an exemplary embodiment of transmitting the encrypted data block over a communication interface.
  • FIG. 5 is a depiction of an exemplary embodiment of decrypting a random session key from the encrypted data block.
  • FIG. 6 is a depiction of an exemplary embodiment of encrypting transaction data using a random session key for transmission over a communication interface.
  • FIG. 7 is a diagram of the interaction of the various techniques utilized to establish secure channel for the exchange of data.
  • the present invention generally comprises a first device, also referred to herein as a user device 701 , and a second device, also referred to herein as a point of transaction terminal 702 .
  • the first device 701 transmits a service provider public key certificate 710 and a device public key certificate 711 over a communications interface 712 to the second device 702 .
  • the service provider public certificate 710 and the device public key certificate 711 may be transmitted to the second device 702 separately or simultaneously.
  • the second device 702 then generates a session key 713 which is encrypted utilizing the certificates received from the first device 701 .
  • the encrypted session key 714 is transmitted to the first device 701 over the communications interface 712 .
  • the first device 701 decrypts the encrypted session key 714 .
  • the session key then constitutes a shared secret between the first device 701 and the second device 702 which is utilized to encrypt and securely exchange subsequent transaction data 720 .
  • a first device also referred to as a user device 102
  • the user device 102 may include, for example, a processor a communication interface, and a computer-readable storage medium that contains a service provider public key certificate 104 assigned by the service provider.
  • the computer-readable storage medium of the user device 102 may further contain a device public key certificate 202 , depicted in FIG.
  • the service provider public key certificate 104 and the device public key certificate 202 may be securely stored on the user device 102 and may be used, alone or in combination, to create a secure channel for exchanging transaction data between the user device 102 and a point of transaction terminal 108 .
  • the device private key 502 may be used to transmit data through the secure channel created with the aid of one or more of the service provider public key certificate 104 and the device public key certificate 202 .
  • the point of transaction terminal 108 may be a point of sale terminal, credit authorization terminal or any other electronic device and may have a certificate authority (CA) root public key 110 .
  • the point of transaction terminal 108 may include a processor, a communication interface and a computer-readable storage medium.
  • the user device 102 may send the service provider public key certificate 104 over the communication interface 106 to the point of transaction terminal 108 .
  • the communication interface 106 may include, without limitation, a telephone network, a telecommunications network, such as the Internet, an intranet, or an extranet, any wireless communication method, and/or any combination of the foregoing.
  • the service provider public key certificate 104 may be signed by the service provider root private key.
  • standard RSA encryption algorithms may be used to generate the service provider public key 112 in the point of transaction terminal 108 from the CA root public key 110 and the service provider public key certificate 104 .
  • other encryption algorithms may be used to generate the service provider public key 112 .
  • FIG. 2 An exemplary method of generating a device public key is depicted in FIG. 2.
  • the device public key certificate 202 may be sent over the communication interface 106 .
  • Standard RSA encryption algorithms may be used to generate the device public key 204 from the service provider public key 112 and the device public key certificate 202 .
  • other encryption algorithms may be used to generate the device public key 204 .
  • the transmission of the device public key 204 and the generation of the service provider public key 112 may be performed as part of a single data exchange or separately.
  • a session key 302 may be generated by the point of transaction terminal 108 through a random generation sequence.
  • the session key 302 may be of any size. In an embodiment, the session key 302 is 16 bytes in length.
  • standard RSA encryption algorithms may be used to generate an encrypted data block 304 from the session key 302 and the device public key 204 . In an alternate embodiment, other encryption algorithms may be used to generate the encrypted data block 304 .
  • the encrypted data block 304 may then be transmitted over the communication interface 106 to the user device 102 as depicted in FIG. 4.
  • Decrypting a random session key from the encrypted data block is depicted in FIG. 5.
  • the device private key 502 contained in the user device 102 may be used to decrypt the encrypted data block 304 that was received from the point of transaction terminal 108 .
  • the decryption may be performed using RSA decryption algorithms or any other decryption algorithm that would authenticate the encryption used to encrypt the data in the encrypted data block 304 .
  • the user device 102 may extract a random session key 504 from the encrypted data block 304 using the device private key 502 .
  • the user device 102 and the point of transaction terminal 108 have encryption keys that may be used to decrypt information from each other.
  • the point of transaction terminal 108 may use the session key 302 to decrypt information transmitted from the user terminal 102 that is encrypted using the random session key 504 .
  • Encrypting transaction data using a random session key for transmission over a communication interface is depicted in FIG. 6.
  • Transaction data 602 such as payment information in a credit card exchange
  • the user terminal 102 may be encrypted by an encryption algorithm using the random session key 504 .
  • the encryption algorithm may be triple-DES.
  • the encrypted transaction data block 604 may then be transmitted over the communication interface 106 to the point of transaction terminal 108 .
  • the point of transaction terminal 108 may use the session key 304 to decrypt the encrypted transaction data block 604 to extract payment information input at the input device 102 .

Abstract

Methods and systems of encrypting and authenticating transaction data via the use of encryption and authentication algorithms are disclosed. Encryption and decryption algorithms are stored within a computer-readable storage medium and executed by a processor on a user device. These algorithms are used when a transaction is initiated by the user device with a point of transaction terminal across a communication interface to establish a secure connection for the transmission of data. Data relating to the transaction is then sent across the communication interface through the secure connection.

Description

    RELATED APPLICATIONS AND CLAIM OF PRIORITY
  • This application claims priority to and incorporates by reference in its entirety, U.S. Provisional Application Ser. No. 60/479,626 entitled “Method for Securely Exchanging Data in an Electronic Transaction” filed Jun. 17, 2003.[0001]
    • TECHNICAL FIELD
  • The present invention relates to methods of encrypting and securely exchanging data between electronic devices. More specifically, the present invention relates to methods of encrypting and securely exchanging data over a communication interface to complete a transaction or other exchange of electronically stored information. [0002]
    • BACKGROUND
  • As the ease of electronically maintaining and exchanging information has continually increased, electronic data exchanges have become more prevalent. Today, Electronic Data Interchange (“EDI”) is well accepted in consumer, commercial, personal and other transactions. In particular, as the pace, quantity and breadth of EDI increases in commercial and personal settings, individuals or businesses are exchanging vast quantities of sensitive or proprietary data on a daily basis. Technological improvements have allowed businesses and individuals to engage in transactions in new and expanding environments. For example, payment of a transaction can now be made over a wireless interface such as in the case of a radio frequency enabled integrated circuit card or infrared enabled electronic devices. [0003]
  • As the use of EDI continues to expand, the need to securely exchange data has become critically important. Sensitive information, such as financial account information, payment information, passwords and other similar data may be exchanged in either commercial or consumer transactions. [0004]
  • The need to securely exchange data is not limited to financial and commercial transactions. For example, in a health care setting, the electronic storage and exchange of data comprising confidential patient information has become prevalent. In anticipation of the continued expansion of electronic storage of patient information into the health care field, the U.S. Health Insurance Portability and Accountability Act of 1996 requires the adoption and implementation of procedures to securely store and exchange all patient information which is in an electronic format. [0005]
  • Various methods of performing encryption and the secure exchange of data have been devised to provide increased security when electronically exchanging data between two electronic devices. Two of the more prevalent encryption methods used today are RSA encryption and triple-DES encryption. [0006]
  • RSA encryption is a public-key cryptosystem for both encryption and authentication that was first devised in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm works as follows: take two large prime numbers, p and q, and find their product n=pq, n is called the modulus; choose an odd number, e, such that 1<e<n and e is relatively prime to (p−1)(q−1); compute the multiplicative inverse of e, called d, such that ed=1 (mod(p−1)(q−1)). It is well known that computing the multiplicative inverse of e entails finding an integer, x, such that d=(x(p−1)(q−1)+1)/e is also an integer. e and d are called the public and private exponents, respectively. The public key is the pair (n, e) and the private key is d. The factors p and q must be kept secret. It is difficult (presumably) to obtain the private key d from the public key (n, e). If one could factor n into p and q, however, then one could obtain the private key d. As such, the entire security of RSA depends on the difficulty of factoring. [0007]
  • Triple-DES is a private-key encryption method, which is based on an earlier private-key encryption method known as DES. In Triple-DES encryption, the input data is, in effect, encrypted three times using the DES method. There are a variety of ways of doing this; the ANSI X9.52 standard defines triple-DES encryption with keys k1, k2, k3 as C=Ek3(Dk2(Ek1(M))), where Ek and Dk denote DES encryption and DES decryption, respectively, with the key k, M is the message to be encrypted, and C is the encrypted message. This mode of encryption is sometimes referred to as DES-EDE. Another variant is DES-EEE, which consists of three consecutive encryptions. Three keying options are defined in ANSI X9.52 for DES-EDE: 1) the three keys k1, k2 and k3 are independent; 2) k1 and k2 are independent, but k1=k3; and 3) k1=k2=k3. The third option makes triple-DES backward compatible with DES. [0008]
  • The effectiveness of known encryption techniques is a matter of great concern in the financial transactions industry as financial services are being delivered in novel ways such as through wireless interfaces. Use of traditional encryption techniques have subjected these transactions to potential security breaches, such as what is known as the “man in the middle” attack. [0009]
  • Accordingly, what is needed is a method and system for securely exchanging data which can be useful in financial transactions in order to prevent data theft and subsequent fraud. [0010]
  • A further need exists for a method and system of securely exchanging data which can be useful in credit card transactions in order to prevent credit theft and subsequent credit card fraud using, for example, smart card technology. [0011]
  • It will be appreciated that the methods and techniques of the present invention will be equally effective in non-financial environments. [0012]
    • SUMMARY
  • It is an object of the present invention to create a secure channel for the exchange of data between two electronic devices by creating a shared secret key through the use and exchange of public key data. [0013]
  • In an embodiment, a method of ensuring secure data exchange includes initiating a transaction from a user device, transmitting, via a communication interface, one or more public key certificates from the user device to a point of transaction terminal, performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block at the point of transaction terminal, transmitting, via the communication interface, the encrypted data block from the point of transaction terminal to the user device, performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key on the user device, performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data on the user device, transmitting, via the communication interface, the encrypted transaction data from the user device to the point of transaction terminal, and performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data at the point of transaction terminal. The user device may include a storage medium for storing the one or more public key certificates and the device private key, and a processing module for performing encryption and decryption algorithms. The one or more public key certificates may include a service provider public key certificate and a device public key certificate. In an embodiment, performing one or more encryption algorithms includes performing an encryption algorithm using a service provider public key certificate and a service provider certificate authority public key to produce a service provider public key, performing an encryption algorithm using a device public key certificate and the service provider public key to produce a device public key, generating a session key, and performing an encryption algorithm using the session key and the device public key to produce an encrypted data block. [0014]
  • In an embodiment, a user device for ensuring secure data exchange includes a processor, a communication interface operably connected to the processor, and a computer-readable storage medium operably connected to the processor. The computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange including transmitting, via the communication interface, one or more public key certificates, receiving, via the communication interface, an encrypted data block, performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key, performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data, and transmitting, via the communication interface, the encrypted transaction data. The one or more public key certificates may include a service provider public key certificate and a device public key certificate. [0015]
  • In an embodiment, a point of transaction terminal for ensuring secure data exchange includes a processor, a communication interface operably connected to the processor, and a computer-readable storage medium operably connected to the processor. The computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange including receiving, via the communication interface, one or more public key certificates, performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block, transmitting, via the communication interface, the encrypted data block, receiving, via the communication interface, encrypted transaction data from, and performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data. The one or more public key certificates may include a service provider public key certificate and a device public key certificate. In an embodiment, performing one or more encryption algorithms includes performing an encryption algorithm using the service provider public key certificate and a service provider certificate authority public key to produce a service provider public key at the point of transaction terminal, performing an encryption algorithm using the device public key certificate and the service provider public key to produce a device public key at the point of transaction terminal, generating a session key at the point of transaction terminal, and performing an encryption algorithm using the session key and the device public key to produce an encrypted data block at the point of transaction terminal. [0016]
  • Various aspects and applications of the present invention will become apparent to the skilled artisan upon consideration of the brief description of the figures and the detailed description of the invention which follows. [0017]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Aspects, features, benefits and advantages of the embodiments of the present invention will be apparent with regard to the following description, appended claims and accompanying drawings where: [0018]
  • FIG. 1 is a depiction of an exemplary embodiment for generating a service provider public key. [0019]
  • FIG. 2 is a depiction of an exemplary embodiment for generating the device public key. [0020]
  • FIG. 3 is a depiction of an exemplary embodiment of encrypting a session key to generate an encrypted data block. [0021]
  • FIG. 4 is a depiction of an exemplary embodiment of transmitting the encrypted data block over a communication interface. [0022]
  • FIG. 5 is a depiction of an exemplary embodiment of decrypting a random session key from the encrypted data block. [0023]
  • FIG. 6 is a depiction of an exemplary embodiment of encrypting transaction data using a random session key for transmission over a communication interface. [0024]
  • FIG. 7 is a diagram of the interaction of the various techniques utilized to establish secure channel for the exchange of data.[0025]
    • DETAILED DESCRIPTION
  • Before the present methods and systems are described, it is to be understood that this invention is not limited to the particular methodologies, systems or protocols described, as these may vary. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present invention which will be limited only by the appended claims. In particular, although the present invention is described in conjunction with a financial transaction, it will be appreciated that the present invention may find use in any electronic exchange of data. [0026]
  • It must also be noted that as used herein and in the appended claims, the singular forms “a”, “an”, and “the” include plural reference unless the context clearly dictates otherwise. Thus, for example, reference to a “key” is a reference to one or more keys and equivalents thereof known to those skilled in the art, and so forth. Unless defined otherwise, all technical and scientific terms used herein have the same meanings as commonly understood by one of ordinary skill in the art. Although any methods and devices similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred methods and devices are now described. All publications mentioned herein are incorporated by reference. Nothing herein is to be construed as an admission that the invention is not entitled to antedate such disclosure by virtue of prior invention. [0027]
  • As shown in FIG. 7, the present invention generally comprises a first device, also referred to herein as a user device [0028] 701, and a second device, also referred to herein as a point of transaction terminal 702. As discussed more fully in conjunction with FIGS. 1-6, the first device 701 transmits a service provider public key certificate 710 and a device public key certificate 711 over a communications interface 712 to the second device 702. The service provider public certificate 710 and the device public key certificate 711 may be transmitted to the second device 702 separately or simultaneously. The second device 702 then generates a session key 713 which is encrypted utilizing the certificates received from the first device 701. The encrypted session key 714 is transmitted to the first device 701 over the communications interface 712. The first device 701 decrypts the encrypted session key 714. The session key then constitutes a shared secret between the first device 701 and the second device 702 which is utilized to encrypt and securely exchange subsequent transaction data 720.
  • The specific steps of the present invention will now be discussed in detail. Deriving a service provider public key is depicted in FIG. 1. A first device, also referred to as a [0029] user device 102, may include, without limitation, a contactless card, an integrated chip card, a radio frequency identification device, an electronic device with payment services deployed thereon, a computer or any similar device or card capable of interfacing with a second device 108. The user device 102 may include, for example, a processor a communication interface, and a computer-readable storage medium that contains a service provider public key certificate 104 assigned by the service provider. The computer-readable storage medium of the user device 102 may further contain a device public key certificate 202, depicted in FIG. 2, and a device private key 502, depicted in FIG. 5. The service provider public key certificate 104 and the device public key certificate 202 may be securely stored on the user device 102 and may be used, alone or in combination, to create a secure channel for exchanging transaction data between the user device 102 and a point of transaction terminal 108. The device private key 502 may be used to transmit data through the secure channel created with the aid of one or more of the service provider public key certificate 104 and the device public key certificate 202.
  • The point of [0030] transaction terminal 108 may be a point of sale terminal, credit authorization terminal or any other electronic device and may have a certificate authority (CA) root public key 110. The point of transaction terminal 108 may include a processor, a communication interface and a computer-readable storage medium. The user device 102 may send the service provider public key certificate 104 over the communication interface 106 to the point of transaction terminal 108. The communication interface 106 may include, without limitation, a telephone network, a telecommunications network, such as the Internet, an intranet, or an extranet, any wireless communication method, and/or any combination of the foregoing. The service provider public key certificate 104 may be signed by the service provider root private key. In an embodiment, standard RSA encryption algorithms may be used to generate the service provider public key 112 in the point of transaction terminal 108 from the CA root public key 110 and the service provider public key certificate 104. In an alternate embodiment, other encryption algorithms may be used to generate the service provider public key 112.
  • An exemplary method of generating a device public key is depicted in FIG. 2. The device public [0031] key certificate 202 may be sent over the communication interface 106. Standard RSA encryption algorithms may be used to generate the device public key 204 from the service provider public key 112 and the device public key certificate 202. In an alternate embodiment, other encryption algorithms may be used to generate the device public key 204. The transmission of the device public key 204 and the generation of the service provider public key 112 may be performed as part of a single data exchange or separately.
  • Encrypting a session key to generate an encrypted data block is depicted in FIG. 3. A [0032] session key 302 may be generated by the point of transaction terminal 108 through a random generation sequence. The session key 302 may be of any size. In an embodiment, the session key 302 is 16 bytes in length. In an embodiment, standard RSA encryption algorithms may be used to generate an encrypted data block 304 from the session key 302 and the device public key 204. In an alternate embodiment, other encryption algorithms may be used to generate the encrypted data block 304. The encrypted data block 304 may then be transmitted over the communication interface 106 to the user device 102 as depicted in FIG. 4.
  • Decrypting a random session key from the encrypted data block is depicted in FIG. 5. The device [0033] private key 502 contained in the user device 102 may be used to decrypt the encrypted data block 304 that was received from the point of transaction terminal 108. In an embodiment, the decryption may be performed using RSA decryption algorithms or any other decryption algorithm that would authenticate the encryption used to encrypt the data in the encrypted data block 304. The user device 102 may extract a random session key 504 from the encrypted data block 304 using the device private key 502. Through this method, the user device 102 and the point of transaction terminal 108 have encryption keys that may be used to decrypt information from each other. Specifically, the point of transaction terminal 108 may use the session key 302 to decrypt information transmitted from the user terminal 102 that is encrypted using the random session key 504.
  • Encrypting transaction data using a random session key for transmission over a communication interface is depicted in FIG. 6. [0034] Transaction data 602, such as payment information in a credit card exchange, at the user terminal 102 may be encrypted by an encryption algorithm using the random session key 504. In an embodiment, the encryption algorithm may be triple-DES. The encrypted transaction data block 604 may then be transmitted over the communication interface 106 to the point of transaction terminal 108. The point of transaction terminal 108 may use the session key 304 to decrypt the encrypted transaction data block 604 to extract payment information input at the input device 102.
  • It is to be understood that the invention is not limited in its application to the details of construction and to the arrangements of the components set forth in this description or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. [0035]
  • As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for the designing of other structures, methods, and systems for carrying out the several purposes of the present invention. It is important, therefore, that the description be regarded as including such equivalent constructions insofar as they do not depart from the spirit and scope of the present invention. [0036]

Claims (18)

What is claimed is:
1. A method of ensuring secure data exchange, comprising:
transmitting, via a communication interface, one or more public key certificates from a user device to a point of transaction terminal;
performing one or more first encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block at the point of transaction terminal;
transmitting, via the communication interface, the encrypted data block from the point of transaction terminal to the user device;
performing a first decryption algorithm on the encrypted data block using a device private key to decrypt a random session key on the user device;
performing a second encryption algorithm using transaction data and the random session key to produce encrypted transaction data on the user device;
transmitting, via the communication interface, the encrypted transaction data from the user device to the point of transaction terminal; and
performing a second decryption algorithm on the encrypted transaction data to decrypt the transaction data at the point of transaction terminal.
2. The method of claim 1, further comprising:
initiating a transaction from the user device.
3. The method of claim 1, further comprising:
initiating a transaction from the point of transaction terminal;
4. The method of claim 1 wherein the user device comprises:
a storage medium for storing the one or more public key certificates and the device private key; and
a processing module for performing encryption and decryption algorithms.
5. The method of claim 1 wherein the one or more public key certificates comprise:
a service provider public key certificate; and
a device public key certificate.
6. The method of claim 1 wherein performing one or more encryption algorithms comprises:
performing an encryption algorithm using the service provider public key certificate and a service provider certificate authority public key to produce a service provider public key;
performing an encryption algorithm using the device public key certificate and the service provider public key to produce a device public key;
generating a session key; and
performing an encryption algorithm using the session key and the device public key to produce an encrypted data block.
7. The method of claim 1 wherein each of the first encryption algorithms and the second encryption algorithm comprises one or more of the following:
an RSA encryption algorithm;
a DES encryption algorithm; and
a Triple-DES encryption algorithm.
8. The method of claim 1 wherein each of the first decryption algorithm and the second decryption algorithm comprises one or more of the following:
an RSA decryption algorithm;
a DES decryption algorithm; and
a Triple-DES decryption algorithm.
9. A user device for ensuring secure data exchange, comprising:
a processor;
a communication interface operably connected to the processor; and
a computer-readable storage medium operably connected to the processor,
wherein the computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange, the method comprising:
transmitting, via the communication interface, one or more public key certificates,
receiving, via the communication interface, an encrypted data block,
performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key,
performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data, and
transmitting, via the communication interface, the encrypted transaction data.
10. The user device of claim 9 wherein the one or more public key certificates comprise:
a service provider public key certificate; and
a device public key certificate.
11. The user device of claim 9 wherein the encryption algorithm comprises one or more of the following:
an RSA encryption algorithm;
a DES encryption algorithm; and
a Triple-DES encryption algorithm.
12. The user device of claim 9 wherein the decryption algorithm comprises one or more of the following:
an RSA decryption algorithm;
a DES decryption algorithm; and
a Triple-DES decryption algorithm.
13. A point of transaction terminal for ensuring secure data exchange, comprising:
a processor;
a communication interface operably connected to the processor; and
a computer-readable storage medium operably connected to the processor,
wherein the computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange, the method comprising:
receiving, via the communication interface, one or more public key certificates,
performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block,
transmitting, via the communication interface, the encrypted data block,
receiving, via the communication interface, encrypted transaction data from, and
performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data.
14. The point of transaction terminal of claim 13 wherein the one or more public key certificates comprise:
a service provider public key certificate; and
a device public key certificate.
15. The point of transaction terminal of claim 13 wherein performing one or more encryption algorithms comprises:
performing an encryption algorithm using the service provider public key certificate and a service provider certificate authority public key to produce a service provider public key;
performing a first encryption algorithm using the device public key certificate and the service provider public key to produce a device public key;
generating a session key; and
performing a second encryption algorithm using the session key and the device public key to produce an encrypted data block.
16. The point of transaction terminal of claim 13 wherein each of the encryption algorithms comprises one or more of the following:
an RSA encryption algorithm;
a DES encryption algorithm; and
a Triple-DES encryption algorithm.
17. The point of transaction terminal of claim 13 wherein the decryption algorithm comprises one or more of the following:
an RSA decryption algorithm;
a DES decryption algorithm; and
a Triple-DES decryption algorithm.
18. A system for securing data exchange, comprising:
a user device, wherein the user device comprises:
a device processor,
a device communication interface operably connected to the device processor, and
a device computer-readable storage medium operably connected to the device processor,
wherein the device computer-readable storage medium contains one or more programming instructions for performing a method of securing data exchange, the method comprising:
transmitting, via the device communication interface, one or more public key certificates,
receiving, via the device communication interface, an encrypted data block,
performing a decryption algorithm on the encrypted data block using a device private key to decrypt a random session key,
performing an encryption algorithm using transaction data and the random session key to produce encrypted transaction data, and
transmitting, via the device communication interface, the encrypted transaction data; and
a point of transaction terminal, wherein the point of transaction terminal comprises:
a terminal processor,
a terminal communication interface operably connected to the terminal processor and the device communication interface, and
a terminal computer-readable storage medium operably connected to the terminal processor,
wherein the terminal computer-readable storage medium contains one or more programming instructions for performing a method for ensuring secure data exchange, the method comprising:
receiving, via the terminal communication interface, one or more public key certificates,
performing one or more encryption algorithms using the one or more public key certificates and one or more keys to produce an encrypted data block,
transmitting, via the terminal communication interface, the encrypted data block,
receiving, via the terminal communication interface, encrypted transaction data from, and
performing a decryption algorithm on the encrypted transaction data to decrypt the transaction data.
US10/870,511 2003-06-17 2004-06-17 Method and systems for securely exchanging data in an electronic transaction Abandoned US20040268127A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/870,511 US20040268127A1 (en) 2003-06-17 2004-06-17 Method and systems for securely exchanging data in an electronic transaction

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US47962603P 2003-06-17 2003-06-17
US10/870,511 US20040268127A1 (en) 2003-06-17 2004-06-17 Method and systems for securely exchanging data in an electronic transaction

Publications (1)

Publication Number Publication Date
US20040268127A1 true US20040268127A1 (en) 2004-12-30

Family

ID=33539199

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/870,511 Abandoned US20040268127A1 (en) 2003-06-17 2004-06-17 Method and systems for securely exchanging data in an electronic transaction

Country Status (6)

Country Link
US (1) US20040268127A1 (en)
EP (1) EP1636936A2 (en)
JP (1) JP2007524275A (en)
AU (1) AU2004250960A1 (en)
CA (1) CA2529800A1 (en)
WO (1) WO2004114575A2 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005050878A1 (en) * 2005-10-21 2007-04-26 Fiducia It Ag Data processing devices e.g. personal computer, communicating method for bank institute, involves signaling declaration of intention to customer using output unit, where acknowledgement on intention is requested by data processing device
US20090063334A1 (en) * 2007-08-28 2009-03-05 Alistair Duncan Business-to-business transaction processing utilizing electronic payment network
US20120011058A1 (en) * 2001-01-19 2012-01-12 C-Sam, Inc. Transactional services
US8645681B1 (en) * 2011-09-28 2014-02-04 Emc Corporation Techniques for distributing secure communication secrets
US9064281B2 (en) 2002-10-31 2015-06-23 Mastercard Mobile Transactions Solutions, Inc. Multi-panel user interface
US20160226829A1 (en) * 2015-01-29 2016-08-04 Docusign, Inc. Systems and methods for secure data exchange
US9454758B2 (en) 2005-10-06 2016-09-27 Mastercard Mobile Transactions Solutions, Inc. Configuring a plurality of security isolated wallet containers on a single mobile device
US20160307197A1 (en) * 2014-01-15 2016-10-20 Solutio LLC System and method of generating and validating a unique transaction identifier
US9886691B2 (en) 2005-10-06 2018-02-06 Mastercard Mobile Transactions Solutions, Inc. Deploying an issuer-specific widget to a secure wallet container on a client device
US10510055B2 (en) 2007-10-31 2019-12-17 Mastercard Mobile Transactions Solutions, Inc. Ensuring secure access by a service provider to one of a plurality of mobile electronic wallets
US10944567B2 (en) 2019-07-11 2021-03-09 Advanced New Technologies Co., Ltd. Shared blockchain data storage
US11210650B2 (en) * 2016-01-25 2021-12-28 Advanced New Technologies Co., Ltd. Credit payment method and apparatus based on mobile terminal embedded secure element
US11308465B2 (en) * 2015-06-12 2022-04-19 Em Microelectronic-Marin S.A. Method for programming banking data in an integrated circuit of a watch

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1911194A1 (en) * 2005-07-26 2008-04-16 France Télécom Method for controlling secure transactions using a single physical device, corresponding physical device, system and computer programme
US8799680B2 (en) 2005-09-15 2014-08-05 Microsoft Corporation Transactional sealed storage
WO2015013440A1 (en) * 2013-07-23 2015-01-29 Battelle Memorial Institute Systems and methods for securing real-time messages

Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture
US5987140A (en) * 1996-04-26 1999-11-16 Verifone, Inc. System, method and article of manufacture for secure network electronic payment and credit collection
US6003014A (en) * 1997-08-22 1999-12-14 Visa International Service Association Method and apparatus for acquiring access using a smart card
US6023689A (en) * 1997-02-07 2000-02-08 Nokia Mobile Phones Limited Method for secure communication in a telecommunications system
US6029247A (en) * 1996-12-09 2000-02-22 Novell, Inc. Method and apparatus for transmitting secured data
US6192473B1 (en) * 1996-12-24 2001-02-20 Pitney Bowes Inc. System and method for mutual authentication and secure communications between a postage security device and a meter server
US6247129B1 (en) * 1997-03-12 2001-06-12 Visa International Service Association Secure electronic commerce employing integrated circuit cards
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US6351812B1 (en) * 1998-09-04 2002-02-26 At&T Corp Method and apparatus for authenticating participants in electronic commerce
US6424718B1 (en) * 1996-10-16 2002-07-23 International Business Machines Corporation Data communications system using public key cryptography in a web environment
US6438550B1 (en) * 1998-12-10 2002-08-20 International Business Machines Corporation Method and apparatus for client authentication and application configuration via smart cards
US6460138B1 (en) * 1998-10-05 2002-10-01 Flashpoint Technology, Inc. User authentication for portable electronic devices using asymmetrical cryptography
US6516316B1 (en) * 1998-02-17 2003-02-04 Openwave Systems Inc. Centralized certificate management system for two-way interactive communication devices in data networks
US6560581B1 (en) * 1995-06-29 2003-05-06 Visa International Service Association System and method for secure electronic commerce transaction
US6574609B1 (en) * 1998-08-13 2003-06-03 International Business Machines Corporation Secure electronic content management system
US6738912B2 (en) * 2001-06-11 2004-05-18 Buettiker Daniel Method for securing data relating to users of a public-key infrastructure
US6760841B1 (en) * 2000-05-01 2004-07-06 Xtec, Incorporated Methods and apparatus for securely conducting and authenticating transactions over unsecured communication channels
US6779113B1 (en) * 1999-11-05 2004-08-17 Microsoft Corporation Integrated circuit card with situation dependent identity authentication
US6792113B1 (en) * 1999-12-20 2004-09-14 Microsoft Corporation Adaptable security mechanism for preventing unauthorized access of digital data
US6792536B1 (en) * 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
US6834271B1 (en) * 1999-09-24 2004-12-21 Kryptosima Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet
US6902116B2 (en) * 2002-06-11 2005-06-07 Innovative Card Technologies, Inc. Method for making a financial transaction card with embedded electronic circuitry
US6996547B1 (en) * 2000-09-27 2006-02-07 Motorola, Inc. Method for purchasing items over a non-secure communication channel

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6085320A (en) * 1996-05-15 2000-07-04 Rsa Security Inc. Client/server protocol for proving authenticity
JP4834263B2 (en) * 2001-09-28 2011-12-14 シャープ株式会社 Card authentication system, information recording card, and card authentication method
JP3943897B2 (en) * 2001-10-30 2007-07-11 株式会社東芝 Identification system and device

Patent Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5606617A (en) * 1994-10-14 1997-02-25 Brands; Stefanus A. Secret-key certificates
US6253193B1 (en) * 1995-02-13 2001-06-26 Intertrust Technologies Corporation Systems and methods for the secure transaction management and electronic rights protection
US6560581B1 (en) * 1995-06-29 2003-05-06 Visa International Service Association System and method for secure electronic commerce transaction
US5987140A (en) * 1996-04-26 1999-11-16 Verifone, Inc. System, method and article of manufacture for secure network electronic payment and credit collection
US5889863A (en) * 1996-06-17 1999-03-30 Verifone, Inc. System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture
US6424718B1 (en) * 1996-10-16 2002-07-23 International Business Machines Corporation Data communications system using public key cryptography in a web environment
US6029247A (en) * 1996-12-09 2000-02-22 Novell, Inc. Method and apparatus for transmitting secured data
US6192473B1 (en) * 1996-12-24 2001-02-20 Pitney Bowes Inc. System and method for mutual authentication and secure communications between a postage security device and a meter server
US6023689A (en) * 1997-02-07 2000-02-08 Nokia Mobile Phones Limited Method for secure communication in a telecommunications system
US6247129B1 (en) * 1997-03-12 2001-06-12 Visa International Service Association Secure electronic commerce employing integrated circuit cards
US6003014A (en) * 1997-08-22 1999-12-14 Visa International Service Association Method and apparatus for acquiring access using a smart card
US6516316B1 (en) * 1998-02-17 2003-02-04 Openwave Systems Inc. Centralized certificate management system for two-way interactive communication devices in data networks
US6574609B1 (en) * 1998-08-13 2003-06-03 International Business Machines Corporation Secure electronic content management system
US6351812B1 (en) * 1998-09-04 2002-02-26 At&T Corp Method and apparatus for authenticating participants in electronic commerce
US6460138B1 (en) * 1998-10-05 2002-10-01 Flashpoint Technology, Inc. User authentication for portable electronic devices using asymmetrical cryptography
US6438550B1 (en) * 1998-12-10 2002-08-20 International Business Machines Corporation Method and apparatus for client authentication and application configuration via smart cards
US6834271B1 (en) * 1999-09-24 2004-12-21 Kryptosima Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet
US6792536B1 (en) * 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
US6779113B1 (en) * 1999-11-05 2004-08-17 Microsoft Corporation Integrated circuit card with situation dependent identity authentication
US6792113B1 (en) * 1999-12-20 2004-09-14 Microsoft Corporation Adaptable security mechanism for preventing unauthorized access of digital data
US6760841B1 (en) * 2000-05-01 2004-07-06 Xtec, Incorporated Methods and apparatus for securely conducting and authenticating transactions over unsecured communication channels
US6996547B1 (en) * 2000-09-27 2006-02-07 Motorola, Inc. Method for purchasing items over a non-secure communication channel
US6738912B2 (en) * 2001-06-11 2004-05-18 Buettiker Daniel Method for securing data relating to users of a public-key infrastructure
US6902116B2 (en) * 2002-06-11 2005-06-07 Innovative Card Technologies, Inc. Method for making a financial transaction card with embedded electronic circuitry

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9208490B2 (en) 2001-01-19 2015-12-08 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for a conducting direct secure electronic transactions between a user and a financial service providers
US9070127B2 (en) 2001-01-19 2015-06-30 Mastercard Mobile Transactions Solutions, Inc. Administering a plurality of accounts for a client
US20120011058A1 (en) * 2001-01-19 2012-01-12 C-Sam, Inc. Transactional services
US9870559B2 (en) 2001-01-19 2018-01-16 Mastercard Mobile Transactions Solutions, Inc. Establishing direct, secure transaction channels between a device and a plurality of service providers via personalized tokens
US9471914B2 (en) 2001-01-19 2016-10-18 Mastercard Mobile Transactions Solutions, Inc. Facilitating a secure transaction over a direct secure transaction channel
US9697512B2 (en) 2001-01-19 2017-07-04 Mastercard Mobile Transactions Solutions, Inc. Facilitating a secure transaction over a direct secure transaction portal
US10217102B2 (en) 2001-01-19 2019-02-26 Mastercard Mobile Transactions Solutions, Inc. Issuing an account to an electronic transaction device
US9177315B2 (en) 2001-01-19 2015-11-03 Mastercard Mobile Transactions Solutions, Inc. Establishing direct, secure transaction channels between a device and a plurality of service providers
US8781923B2 (en) 2001-01-19 2014-07-15 C-Sam, Inc. Aggregating a user's transactions across a plurality of service institutions
US9317849B2 (en) 2001-01-19 2016-04-19 Mastercard Mobile Transactions Solutions, Inc. Using confidential information to prepare a request and to suggest offers without revealing confidential information
US9330390B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Securing a driver license service electronic transaction via a three-dimensional electronic transaction authentication protocol
US9330389B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for conducting direct secure electronic transactions between users and service providers via a mobile wallet
US9330388B2 (en) 2001-01-19 2016-05-03 Mastercard Mobile Transactions Solutions, Inc. Facilitating establishing trust for conducting direct secure electronic transactions between a user and airtime service providers
US9400980B2 (en) 2001-01-19 2016-07-26 Mastercard Mobile Transactions Solutions, Inc. Transferring account information or cash value between an electronic transaction device and a service provider based on establishing trust with a transaction service provider
US9811820B2 (en) 2001-01-19 2017-11-07 Mastercard Mobile Transactions Solutions, Inc. Data consolidation expert system for facilitating user control over information use
US9064281B2 (en) 2002-10-31 2015-06-23 Mastercard Mobile Transactions Solutions, Inc. Multi-panel user interface
US9508073B2 (en) 2005-10-06 2016-11-29 Mastercard Mobile Transactions Solutions, Inc. Shareable widget interface to mobile wallet functions
US10121139B2 (en) 2005-10-06 2018-11-06 Mastercard Mobile Transactions Solutions, Inc. Direct user to ticketing service provider secure transaction channel
US9626675B2 (en) 2005-10-06 2017-04-18 Mastercard Mobile Transaction Solutions, Inc. Updating a widget that was deployed to a secure wallet container on a mobile device
US9454758B2 (en) 2005-10-06 2016-09-27 Mastercard Mobile Transactions Solutions, Inc. Configuring a plurality of security isolated wallet containers on a single mobile device
US10176476B2 (en) 2005-10-06 2019-01-08 Mastercard Mobile Transactions Solutions, Inc. Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments
US10140606B2 (en) 2005-10-06 2018-11-27 Mastercard Mobile Transactions Solutions, Inc. Direct personal mobile device user to service provider secure transaction channel
US9886691B2 (en) 2005-10-06 2018-02-06 Mastercard Mobile Transactions Solutions, Inc. Deploying an issuer-specific widget to a secure wallet container on a client device
US9990625B2 (en) 2005-10-06 2018-06-05 Mastercard Mobile Transactions Solutions, Inc. Establishing trust for conducting direct secure electronic transactions between a user and service providers
US10026079B2 (en) 2005-10-06 2018-07-17 Mastercard Mobile Transactions Solutions, Inc. Selecting ecosystem features for inclusion in operational tiers of a multi-domain ecosystem platform for secure personalized transactions
US10032160B2 (en) 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
US10096025B2 (en) 2005-10-06 2018-10-09 Mastercard Mobile Transactions Solutions, Inc. Expert engine tier for adapting transaction-specific user requirements and transaction record handling
DE102005050878A1 (en) * 2005-10-21 2007-04-26 Fiducia It Ag Data processing devices e.g. personal computer, communicating method for bank institute, involves signaling declaration of intention to customer using output unit, where acknowledgement on intention is requested by data processing device
US20090063334A1 (en) * 2007-08-28 2009-03-05 Alistair Duncan Business-to-business transaction processing utilizing electronic payment network
US10510055B2 (en) 2007-10-31 2019-12-17 Mastercard Mobile Transactions Solutions, Inc. Ensuring secure access by a service provider to one of a plurality of mobile electronic wallets
US8645681B1 (en) * 2011-09-28 2014-02-04 Emc Corporation Techniques for distributing secure communication secrets
US20160307197A1 (en) * 2014-01-15 2016-10-20 Solutio LLC System and method of generating and validating a unique transaction identifier
US10110575B2 (en) * 2015-01-29 2018-10-23 Docusign, Inc. Systems and methods for secure data exchange
US20160226829A1 (en) * 2015-01-29 2016-08-04 Docusign, Inc. Systems and methods for secure data exchange
USRE49673E1 (en) * 2015-01-29 2023-09-26 Docusign, Inc. Systems and methods for secure data exchange
US11308465B2 (en) * 2015-06-12 2022-04-19 Em Microelectronic-Marin S.A. Method for programming banking data in an integrated circuit of a watch
US11210650B2 (en) * 2016-01-25 2021-12-28 Advanced New Technologies Co., Ltd. Credit payment method and apparatus based on mobile terminal embedded secure element
US11288655B2 (en) 2016-01-25 2022-03-29 Advanced New Technologies Co., Ltd. Credit payment method and apparatus based on mobile terminal embedded secure element
US10944567B2 (en) 2019-07-11 2021-03-09 Advanced New Technologies Co., Ltd. Shared blockchain data storage

Also Published As

Publication number Publication date
EP1636936A2 (en) 2006-03-22
WO2004114575A3 (en) 2005-03-31
AU2004250960A1 (en) 2004-12-29
WO2004114575A2 (en) 2004-12-29
JP2007524275A (en) 2007-08-23
CA2529800A1 (en) 2004-12-29

Similar Documents

Publication Publication Date Title
US7940927B2 (en) Information security device and elliptic curve operating device
US20040268127A1 (en) Method and systems for securely exchanging data in an electronic transaction
US6708893B2 (en) Multiple-use smart card with security features and method
CN109064324A (en) Method of commerce, electronic device and readable storage medium storing program for executing based on alliance&#39;s chain
US20020038420A1 (en) Method for efficient public key based certification for mobile and desktop environments
US20020157003A1 (en) Apparatus for secure digital signing of documents
US8656163B2 (en) Method for establishing a secured communication without preliminary information share
AU7202698A (en) Initial secret key establishment including facilities for verification of identity
EP1282261A2 (en) Method and system for the secure transfer of cryptographic keys via a network
US20120124378A1 (en) Method for personal identity authentication utilizing a personal cryptographic device
US7640432B2 (en) Electronic cash controlled by non-homomorphic signatures
US7305093B2 (en) Method and apparatus for securely transferring data
US20130018800A1 (en) Secure Authorization of a Financial Transaction
Wang Public key cryptography standards: PKCS
KR100971038B1 (en) Cryptographic method for distributing load among several entities and devices therefor
US11882101B2 (en) Methods and devices for generating a symmetric session key for encrypted communication
Deshmukh et al. Data security analysis and security extension for smart cards using Java Card
US20070130071A1 (en) Information management system, information management method, and program product therefor
US8543815B2 (en) Authentication method and related devices
Mohammed et al. Elliptic curve cryptosystems on smart cards
GB2373616A (en) Remote cardholder verification process
US20050123131A1 (en) Cryptographic system comprising an encryption and decryption system and a key escrow system, and the associated equipment and devices
EP1267516B1 (en) Method for securing data relating to users of a public-key infrastructure
US11956359B2 (en) Privacy preserving identity data exchange based on hybrid encryption
US20240039719A1 (en) Privacy preserving identity data exchange based on hybrid encryption

Legal Events

Date Code Title Description
AS Assignment

Owner name: VISA INTERNATIONAL SERVICE ASSOCIATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SAHOTA, JAGDEEP SINGH;REEL/FRAME:015059/0118

Effective date: 20040727

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION